Five Tips For Staying Safe In The Metaverse

21 Mar 2022

Ruben Merre NGRAVE Co-founder & CEO

Five Tips For Staying Safe In The Metaverse

The Metaverse promises a world of digital possibilities. No one is sure how it will function, so given our focus on securing your crypto assets, NGRAVE is offering five tips to stay safe in the Metaverse.

  • Article Quick Links:
  • 1 - Hot Wallets are gateways to the Metaverse; understand their vulnerability
  • 2 - Don't expect to strike it rich in the Metaverse
  • 3 - Moderating the Metaverse will be a huge challenge
  • 4 - The Metaverse threat to data & privacy
  • 5 - Understand the risks of trading NFTs
  • Staying safe in the Metaverse
  • You might also like...

You may have yet to step into the Metaverse, but chances are you’ve heard about it. The Metaverse is where our physical and digital lives are expected to merge, working, playing and socialising in virtual and augmented reality worlds, with a heavy reliance on decentralised concepts like crypto wallets & tokens. Though the Metaverse promises a world of digital possibilities, no one is really sure how it will function, so given our focus on securing your crypto assets, NGRAVE is offering five tips to stay safe in the Metaverse.

1 - Hot Wallets are gateways to the Metaverse; understand their vulnerability

The term Metaverse is broad, relating to a huge range of concepts, many of which are a long way from a functioning product. One consistent theme however, is the focus on control and ownership of a Metaverse identity, and of the value that identity creates as it interacts in the virtual or augmented world.

Whatever value you put into a Metaverse belongs to you, and can be monetised - exchanged in the real world. Though streamers can generate huge incomes from sharing their skill in Minecraft, that value is generated through permissioned external platforms like Twitch or Youtube, rather than being extracted directly from the game itself.

There have been unofficial markets for in-game items - Skins - from games like CS:GO for a number of years, but lacked a legitimate mechanism for trade and exchange. Then along came Ethereum.

The Ethereum blockchain supports decentralised and permissionless digital applications (dApps) which can exchange value using standardised tokens - such as ERC20 coins and NFTs. Crypto wallets, enabling storing and exchange of these tokens, soon followed.

MetaMask is the recommended digital wallet for blockchain-based Metaverse experiences like Decentraland where your Avatar can explore the 3D virtual space, as well as buy and develop parcels of LAND, the ownership of which is represented by NFT and recorded in a Smart Contract.

You use the native Decentraland token - MANA - to pay for the land, gamble in a virtual casino, watch an exclusive concert, or develop a unique look for your avatar, with custom NFT apparel.

All of these transactions are managed by your MetaMask wallet, which is what is known as a self-custodial Hot Wallet. You can dive deeper into wallets in the NGRAVE Academy, but the two key things to understand are:

  • Hot Wallets are online by default, so are vulnerable to scams
  • You must protect your wallet Seed, the failsafe for recovering it, like a master password; without it, everything you create and own in the Metaverse could be lost

Though you will be able to experience the Metaverse without a browser wallet, they are a core element, and also a point of weakness. Hackers are preying on newcomers to the Metaverse, using all the usual array of scams from phishing to social engineering, to gain access to Hot Wallets.

2 - Don't expect to strike it rich in the Metaverse

The explosion in popularity of decentralised Metaverse experiences has been described as the digital version of a gold rush. There is in fact a Metaverse called Goldfever, where you can play the role of prospector, looking to purchase claims that might yield virtual gold.

The reality of the most famous ever Gold Rush, the Klondike from 1896-1899, was that many set off (about 100,000), but only a third actually made it to the gold fields. Many of those were bewildered by the demands of mining, and never even attempted to meaningfully look for any gold. Of those that did prospect, only a few hundred found gold in enough quantity to call themselves rich, once all their costs were accounted for.

The story is likely to be the same in the rush to the Metaverse, where parcels of land and collectibles items can be purchased and traded as NFTs, while the economy of the platforms supporting the whole experience is driven by native tokens.

It is easy to be seduced by headlines about parcels of virtual land selling for huge amounts, or NFT spaceships for games that don’t yet even have a playable version. This won’t be the experience for the majority of users in the Metaverse. 

Subscribe To The NGRAVE Blog

Get the latest insights on crypto, security, blockchain, and more.

By signing up, you agree to receive our marketing offers following our Privacy Policy. You can unsubscribe at any time.

Just like any investment, you need  initial capital in order to generate value, buying land or characters, then putting time and effort into developing them. Every transaction has a Gas fee, which has to be taken into consideration.

Metaverse gameplay is already being professionally monetised with Gaming Guilds, which address the financial barrier to entry, renting out NFTs and deriving a share of the profit generated by the ‘scholars’ who then develop them in games like Axie Infinity.

Even if you're just speculating in the underlying tokens, and never set foot in the Metaverse, you’ll need to invest a huge amount of time understanding the underlying game economy, and tokenomics. Hype means that many people invest in tokens simply because they are in the Metaverse category on Coinmarketcap, despite the fact that many have no functioning game, or technical ability to deliver on their promotional videos. Just as with the dot com era, few of these projects are likely to survive, let alone thrive.

If you are curious about the Metaverse simply explore and experiment, treating it as you would any of recreation. You may find that you are able to generate some value, but be realistic about the opportunity and don’t take unreasonable risks, in what is a very speculative area.

3 - Moderating the Metaverse will be a huge challenge

Though the Metaverse has been discussed within crypto circles for some time, wider interest was spurred by Facebook pivoting their entire brand and business model to the Metaverse, changing their name to Meta in October 2021. 

Facebook struggle to moderate content on their existing platforms, despite employing vast warehouses of moderators in places like the Philippines, to try and weed out abusive, offensive and extremist/fake content. 

A memo from March 2021, authored by the guy in charge of their push into the Metaverse, Andrew Bosworth, and reported by the Financial Times, suggested that ‘moderating how users speak and behave “at any meaningful scale is practically impossible”’.

Given the Metaverse is ambiguous in terms of what it actually means, there will be no single code of conduct for interaction, which can take the form of messaging, discussion via your laptop microphone or even contact via haptic gloves.

It is also hard to see how the content within a permissionless Metaverse can be tailored to the ages of the participants, given that truly decentralised applications don’t require KYC.

A BBC researcher posed as a 13 year old girl in a centralised Metaverse app, witnessed ‘grooming, sexual material, racist insults and a rape threat’. This doesn’t mean every Metaverse will expose users to these safety risks, but the challenge of moderation will be huge. 

Decentralised Metaverse run via DAO can try and use governance to incentivise good behaviour and policing, but the Metaverse is like the Wild West, and you cannot rely on a cyber-Sheriff to protect everyone.

4 - The Metaverse threat to data & privacy

Given how immersive the Metaverse promises to be, the amount of data collected will dwarf what we generate through existing web 2.0 social profiles.

Every movement and interaction of our virtual 3D selves might be captured, analysed and potentially monetised, in ways we cannot yet fully understand. The use of VR Headsets has created an entirely new data-set that will be valuable to platforms and advertisers; eye tracking and Pupillometry, collectively known as Biometric Psychography. 

A 2020 paper by Brittan Heller, ‘Reimagining Reality: Human Rights and Immersive Technology’ sets out in stark detail ‘the psychological and physiological aspects of immersive technologies, and the potential for a new invasive class of privacy-related harms.’

Given that one of the defining weaknesses of the current iteration of the web is the harvesting and monetisation of personal data, what confidence can we have that web 3.0 and the Metaverse will get things right?

The early Metaverse experiences based on decentralised applications still rely heavily on old school - centralised - concepts like CRM, tracking Discord activity (a pivotal element of any Metaverse community) and IP detection, which is joining comes with a heavy Data and Privacy disclaimer.

Given the unique mechanics of each Metaverse, there is no consistency over what data will be collected, and who owns and can share it. Even applying existing frameworks like GDPR will be a minefield because you’d have to establish where the Metaverse exists from a legal perspective.

Trying to manage the Metaverse as a community via a DAO adds a further level of complexity regarding how these decisions are data handling might even be made.

So if you’re excited about web 3.0 and taking control of your data and privacy, take a moment to reflect on how much more personal information you might be sharing albeit in a virtual wrapper. If you’re using a VR Headset, understand what data it generates, how it is shared and to who, and how to maximise its security.

“[Immersive technology] is just like the atom splitting. It can be used for helping mankind, lifting mankind, or it can be used for destroying mankind. That's where we are with virtual reality. We're on the cusp of having powerful tools like fire. What are we going to do with it? How are we going to use it? How are we going to put in safeguards so that we don't get burned?”

- Dr. Thomas Furness, Developer of first immersive technologies

5 - Understand the risks of trading NFTs

NFTs - non fungible tokens - are an integral part of the Metaverse’s appeal. They enable the tokenisation and exchange of the discrete elements that make up your virtual character and the things you discover and build.

This might include custom virtual sneakers for your Avatar, or a piece of virtual land with a property on which you can build a business selling virtual sneakers.

Some NFTs will be specific to the Metaverse, others not, like NFT art hanging in a virtual gallery. 

Each Metaverse will therefore have its own marketplace, but much of the trading of NFTs happens on standalone public NFT marketplaces like OpenSea. 

Founded in 2017, the New York-based company is already valued at $13bn, generating revenue from minting, listing and selling NFTs, which has become a distinct niche of crypto trading, with its own set of risks, given the sums of money involved.

Wash Trading

One of the biggest scams within NFT trading is where the Buyer and Seller are the same person. This so-called ‘Wash Trading’ enables the creation of a false sense of the value of an NFT, and is hard to detect given marketplace users don’t have to identify themselves.

Uncancelled Listings

One of the biggest controversies that OpenSea has had to address is the consequence of charging users for many of the marketplace functions, such as cancelling an NFT listing.

Given all transactions happen on the blockchain, the most popular being Ethereum, they come with an associated cost, including for cancelling a listing, which some users didn’t want to pay. 

This ended up being a very expensive mistake where the value of the NFT greatly increased, because savvy users were able to hunt down uncancelled listings and snap up a bargain.

OpenSea acknowledged this issue by enabling a bulk cancellation feature, and changing how listing works going forward.


Though a key attraction of NFTs is how they provide an immutable record without trust, this attribute isn’t 100% watertight because of the issue of plagiarism - in simple terms, copying.

The hype around NFTs has led to scammers simply minting existing digital images - the rights for which belong to someone else - and listing them for sale on NFT marketplaces. This is extremely hard to police, the same is true of NFTs which are minted on multiple, separate blockchains. 

Exchanges are clearly aware of the issue, and trying to find ways to minimise the risks, but OpenSea has been open about the scale of the problem. It had to reverse an attempt in early 2022 to limit how many NFTs can be minted due to this issue and the problem of spam.

With no easy fix to the problem of buying a pirate NFT you should do your own due diligence before buying something which the seller has no right to list, and will therefore have no resale value.

Fake Provenance

Provenance is a big element of NFT trading, the ability to see a trade history, and whether the account holders are verified. Unfortunately, this can be easily manipulated. A scammer can transfer an NFT to a verified account without request, using that as proof they are legit, enabling them to rip off users.

Staying safe in the Metaverse

The Steven Spielberg film ‘Ready Player One’ interpreting a novel by Ernest Cline, provides a fascinating vision of where the Metaverse might lead. It boils down to a good vs evil battle for the Oasis - a vast Metaverse - where the bad guy, Nolan Sorrento, is ironically undone by leaving the passphrase to his avatar on a post-it note.

Though we’re a long way from Cline’s vision, make sure you take proper precautions to protect your identity, data and any value you create in the Metaverse.


You might also like...

In this episode, DIVI Crypto Podcast talks with Ruben Merre, Co-founder and CEO of NGRAVE about the Metaverse.

NGRAVE Co-founder & CEO
Ruben Merre

Ruben is a repeat tech entrepreneur. His focus is on digital asset security and financial empowerment. He is co-founder and CEO of NGRAVE, the creator of “ZERO” - the world’s most secure hardware wallet for crypto storage. In 2021, he was selected for Belgium’s 40 under 40. Before that, he was a finalist in’s Disruptive Innovator of the Year 2020 Award, and nominated in Google/PWC/Trends’ Digital Pioneer 2020.